CVE-2017-12874

Опубликовано: 01 сент. 2017

Источник: debian

Описание

The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
simplesamlphp	fixed	1.14.11-1		package

Примечания

Issue lies in simplesamlphp/simplesamlphp-module-infocard and fixed
in 1.0.1. The module is embedded in src:simplesamlphp
https://simplesamlphp.org/security/201612-03
Patch: https://github.com/simplesamlphp/simplesamlphp-module-infocard/commit/7353762acacd827a61378629f87de991451089da

Связанные уязвимости

CVE-2017-12874

CVSS3: 7.5

ubuntu

больше 8 лет назад

The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities.

CVE-2017-12874

CVSS3: 7.5

nvd

больше 8 лет назад

The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities.

GHSA-fj28-869x-vv5g

CVSS3: 7.5

github

больше 3 лет назад

SimpleSAMLphp InfoCard module Incorrect signature verification